
SRM Solutions
The SRM Blog

Information Security Breach Report – 27 March 2015

Written by SRM

27th March 2015


A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Cisco Fixes DoS Vulnerabilities in IOS Software – http://www.securityweek.com/cisco-fixes-dos-vulnerabilities-ios-software

Maine.gov hit by cyber attack for third time in three days – http://www.wgme.com/news/features/top-stories/stories/mainegov-hit-cyber-attack-third-time-three-days-26552.shtml#.VRQNDfmsV8E

Hackers breach Fairbanks city website – https://www.adn.com/article/20150325/hackers-breach-fairbanks-city-website

Amedisys notifies nearly 7,000 individuals of potential breach – http://www.scmagazine.com/amedisys-notifies-nearly-7000-individuals-of-potential-breach/article/405456/

Cisco patches IOS to stop automation exploitation – http://www.theregister.co.uk/2015/03/26/automatic_attacks_cisco_patches_ios_vulns/

One in every three popular website ‘dangerous’: Study – http://cio.economictimes.indiatimes.com/news/digital-security/one-in-every-three-popular-website-dangerous-study/46697206

An SDN vulnerability forced OpenDaylight to focus on security – http://www.csoonline.com/article/2902902/vulnerabilities/an-sdn-vulnerability-forced-opendaylight-to-focus-on-security.html#tk.rss_all

Flaw in common hotel router threatens guests’ devices – http://www.csoonline.com/article/2902740/vulnerabilities/flaw-in-common-hotel-router-threatens-guests-devices.html#tk.rss_all

As GitHub is hit hard, experts disagree whether DDoS attacks are becoming more or less frequent – https://grahamcluley.com/2015/03/github-ddos-attack/

Hackers hijack school Twitter account, post photoshopped image of teacher in his underpants – http://www.hotforsecurity.com/blog/hackers-hijack-school-twitter-account-post-photoshopped-image-of-teacher-in-his-underpants-11628.html

Support Dell System Detect tool put PCs at risk – http://securityaffairs.co/wordpress/35380/security/dell-system-detect-tool-risk.html

Slack confirms hackers accessed its central user database in February, introduces two factor authentication – http://slackhq.com/post/114696167740/march-2015-security-incident-and-launch-of-2fa

State agency hacked; governor calls for study, changes – http://www.washingtontimes.com/news/2015/mar/26/state-agency-hacked-brown-calls-for-third-party-as/

Brunswick school officials, law enforcement investigate district computer hacking – http://portcitydaily.com/2015/03/27/brunswick-school-officials-law-enforcement-investigate-district-computer-hacking/

Bar Mitzvah attack exploits the Invariance Weakness in RC4 – http://securityaffairs.co/wordpress/35352/hacking/bar-mitzvah-attack-on-rc4.html and http://www.securityweek.com/new-attack-rc4-based-ssltls-leverages-13-year-old-vulnerability

Xtube porn website spreads malware, after being compromised by hackers – https://grahamcluley.com/2015/03/xtube-porn-website-spreads-malware-after-being-compromised-by-hackers/

DNV GL: Cyber Attacks on Ships, Offshore Structures Growing Threat – http://worldmaritimenews.com/archives/155807/dnv-gl-cyber-attacks-on-ships-offshore-structures-growing-threat/

Asian hackers using Android malware for sex extortion and blackmail – http://www.ibtimes.co.uk/asian-hackers-using-android-malware-sex-extortion-blackmail-1493509

WebSitePipeline notifying clients of breach – http://www.databreaches.net/websitepipeline-notifying-clients-of-breach/

 

Miscellaneous Infosec stories:

How a hack on Prince Philip’s Prestel account led to UK computer law – http://www.theregister.co.uk/2015/03/26/prestel_hack_anniversary_prince_philip_computer_misuse/

Cyber crooks turn to low-tech trickery – http://m.news24.com/fin24/Tech/Featured/Cyber-crooks-turn-to-low-tech-trickery-20150325

The things end users do that drive security teams crazy – http://www.csoonline.com/article/2902186/security-awareness/the-things-end-users-do-that-drive-security-teams-crazy.html#tk.rss_all

Data breaches hurt more than e-retailers’ bottom lines – https://www.internetretailer.com/2015/03/27/data-breaches-hurt-more-e-retailers-bottom-lines

Fighting U.S. Card Data Fraud Overseas – http://www.databreachtoday.co.uk/fighting-us-card-data-fraud-overseas-a-8053

The state of open source security – http://www.csoonline.com/article/2902393/application-security/the-state-of-open-source-security.html#tk.rss_all

Zero day, Web browser vulnerabilities spike in 2014 – http://www.csoonline.com/article/2901895/vulnerabilities/zero-day-web-browser-vulnerabilities-spike-in-2014.html#tk.rss_all

 

Tools, Tips and How it’s done:

Too Many Adverts and Porn pop-ups in your Web Browser? Maybe your Router has been Hijacked – http://www.tripwire.com/state-of-security/security-data-protection/advert-router-hijack/

Vawtrak malware uses steganography to hide update files in favicons – http://securityaffairs.co/wordpress/35308/malware/vawtrak-steganography-favicon.html

Security best practices for users is your first line of defense – http://www.cio.com/article/2901690/security0/security-best-practices-for-users-is-your-first-line-of-defense.html

Evolving Security in the Face of Cyber Attacks – http://www.securityweek.com/evolving-security-face-cyber-attacks?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

True Threat Intelligence Finds What’s Related to You – http://www.solutionary.com/resource-center/blog/2015/03/threat-intelligence-part-4/

Reading the Secunia Vulnerability Review 2015 – http://securityaffairs.co/wordpress/35386/hacking/secunia-vulnerability-review-2015.html

9 security gadgets for mobile devices – http://www.csoonline.com/article/2902742/mobile-security/9-security-gadgets-for-mobile-devices.html#jump

Diagnosing networking issues in the Linux Kernel – https://code.mixpanel.com/2015/03/26/diagnosing-networking-issues-in-the-linux-kernel/

Mathematicians build code to take on toughest cyber attacks – https://news.wsu.edu/2015/03/26/mathematicians-build-code-to-take-on-toughest-cyber-attacks/#.VRW4wfmsV8E

Risk-Driven Security: The Approach to Keep Pace With Advanced Threats – http://www.securityweek.com/risk-driven-security-approach-keep-pace-advanced-threats

The CSO Security Career Survival Guide – http://www.csoonline.com/article/2902253/infosec-careers/the-cso-security-career-survival-guide.html#tk.rss_all

Survey: 75% of firms would take hours or longer to spot breach – http://www.csoonline.com/article/2902252/data-breach/survey-75-of-firms-would-take-hours-or-longer-to-spot-breach.html#tk.rss_all

Israeli boffins hack air gap, fire missiles on compromised kit – http://www.theregister.co.uk/2015/03/25/israeli_uni_boffins_fire_missiles_in_hot_new_air_gap_attack/

Ransomware holds schools hostage: ‘Now give us Bitcoin worth $129k, er, $124k, wait …’ – http://www.theregister.co.uk/2015/03/25/school_ransomware/

 

Miscellaneous Privacy stories:

Optus rapped for three privacy breaches – http://www.zdnet.com/article/optus-rapped-for-modem-vulnerabilities/

Mandatory data retention passes Australian parliament – http://www.zdnet.com/article/mandatory-data-retention-passes-australian-parliament/

 

Safeguarding Children and School E-Safety stories:

Why are people so mean to each other online? – http://www.bbc.co.uk/news/technology-31749753

Grooming bans could stop child sex abuse say councils – http://www.bbc.co.uk/news/education-32058575

Children spend six hours or more a day on screens – http://www.bbc.co.uk/news/technology-32067158

Hackers hijack school Twitter account, post photoshopped image of teacher in his underpants – http://www.hotforsecurity.com/blog/hackers-hijack-school-twitter-account-post-photoshopped-image-of-teacher-in-his-underpants-11628.html

Facebook acknowledged Australia’s first children’s e-safety, aims to launch Suicide prevention Support tools – http://customstoday.com.pk/facebook-acknowledged-australias-first-childrens-e-safety-aims-to-launch-suicide-prevention-support-tools/

Feds Financing System to ‘Automatically Detect’ Cyberbullying – http://freebeacon.com/issues/feds-financing-system-to-automatically-detect-cyberbullying/

Manito man pleads guilty to child grooming – http://www.pekintimes.com/article/20150326/NEWS/150329316/1994/NEWS

Brunswick school officials, law enforcement investigate district computer hacking – http://portcitydaily.com/2015/03/27/brunswick-school-officials-law-enforcement-investigate-district-computer-hacking/

FKA Twigs hit back at racist cyber bullies – http://www.3news.co.nz/entertainment/fka-twigs-hit-back-at-racist-cyber-bullies-2015032709

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/
